forgejo: accept users only part of the admin group
This commit is contained in:
parent
fcb5b84dcb
commit
7140d09f8f
2 changed files with 3 additions and 2 deletions
|
|
@ -493,7 +493,7 @@ in
|
|||
--bind-password $(tr -d '\n' < ${cfg.ldap.adminPassword.result.path}) \
|
||||
--security-protocol Unencrypted \
|
||||
--user-search-base ou=people,${cfg.ldap.dcdomain} \
|
||||
--user-filter '(&(memberof=cn=${cfg.ldap.userGroup},ou=groups,${cfg.ldap.dcdomain})(|(uid=%[1]s)(mail=%[1]s)))' \
|
||||
--user-filter '(&(|(memberof=cn=${cfg.ldap.userGroup},ou=groups,${cfg.ldap.dcdomain})(memberof=cn=${cfg.ldap.adminGroup},ou=groups,${cfg.ldap.dcdomain}))(|(uid=%[1]s)(mail=%[1]s)))' \
|
||||
--admin-filter '(memberof=cn=${cfg.ldap.adminGroup},ou=groups,${cfg.ldap.dcdomain})' \
|
||||
--username-attribute uid \
|
||||
--firstname-attribute givenName \
|
||||
|
|
@ -512,7 +512,7 @@ in
|
|||
--bind-password $(tr -d '\n' < ${cfg.ldap.adminPassword.result.path}) \
|
||||
--security-protocol Unencrypted \
|
||||
--user-search-base ou=people,${cfg.ldap.dcdomain} \
|
||||
--user-filter '(&(memberof=cn=${cfg.ldap.userGroup},ou=groups,${cfg.ldap.dcdomain})(|(uid=%[1]s)(mail=%[1]s)))' \
|
||||
--user-filter '(&(|(memberof=cn=${cfg.ldap.userGroup},ou=groups,${cfg.ldap.dcdomain})(memberof=cn=${cfg.ldap.adminGroup},ou=groups,${cfg.ldap.dcdomain}))(|(uid=%[1]s)(mail=%[1]s)))' \
|
||||
--admin-filter '(memberof=cn=${cfg.ldap.adminGroup},ou=groups,${cfg.ldap.dcdomain})' \
|
||||
--username-attribute uid \
|
||||
--firstname-attribute givenName \
|
||||
|
|
|
|||
|
|
@ -149,6 +149,7 @@ let
|
|||
waitForSystemdServices = [ "lldap.service" ];
|
||||
|
||||
userGroup = "user_group";
|
||||
adminGroup = "admin_group";
|
||||
};
|
||||
};
|
||||
|
||||
|
|
|
|||
Loading…
Reference in a new issue